Skip to main content
CVE-2018-7264 CRITICAL POC THREAT Act Now

The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Activepdf Toolkit
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
12.5%
CVE-2018-7477 CRITICAL POC Act Now

SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP School Management Script
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-7554 CRITICAL POC Act Now

There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Sam2P Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-7553 CRITICAL POC Act Now

There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Sam2P Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-7552 CRITICAL POC Act Now

There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Sam2P Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-7551 CRITICAL POC Act Now

There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Sam2P Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-6641 CRITICAL POC Act Now

An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Mathtype
NVD
CVSS 3.1
9.8
EPSS
5.6%
CVE-2018-6640 CRITICAL POC Act Now

A Heap Overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Mathtype
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2018-6639 CRITICAL POC Act Now

An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Mathtype
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2018-6638 CRITICAL POC Act Now

A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Mathtype
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2018-7556 CRITICAL Act Now

LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Limesurvey Debian Linux
NVD
CVSS 3.0
9.1
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy